Difference between revisions of "Configuring Clamav Ubuntu Gutsy"

From Scalix Wiki

Latest revision as of 22:41, 3 February 2008

Important Note

Please note that these manual installation instructions should only be used on Ubuntu distributions, such as Ubuntu Gutsy Gibbon 7.10 server, the distribution the document was written for. If you install Scalix on an unsupported platform, this invalidates your ability to receive Scalix support. Thank you for your understanding and compliance.

This document might be inaccurate and under construction. Do not trust this document.


Configuring Clamav on Ubuntu 7.10 Server (Gutsy Gibbon)

As Ubuntu 7.10 is an unsupported platform there is currently no manual describing the configuration of Clamav (an advanced anti-virus solution) to be used with Scalix. As I managed to get Scalix up and running and I already documented and shared this with the community (here), I thought it would be useful to share my experiences regarding the Clamav configuration as well.

So below you'll find a how-to that describes the configuration of Clamav to be used with Scalix on a Ubuntu 7.10 server.

Clamav (Clam AntiVirus) is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates.

I used several sources of information on the web. I listed the ones I can remember at the end of the document under Sources.


Applicable Environments

These installation instructions have been tested with

  • Scalix CE 11.3.0
  • Ubuntu 7.10 Server (Gutsy Gibbon)

They might not apply unmodified to any other version of Scalix or Ubuntu.


Install the Clamav software

Clamav is Open Source Software available from http://www.clamav.net. Under Ubuntu a package is available that can be installed directly with apt-get, but unfortunately the 'standard' Gutsy package contains an outdated version. To get a current version, use the repository available at https://launchpad.net/~ubuntu-clamav/+archive. Keep in mind that a third-party repository is trusted exactly as far as you trust its maintainers: every package it ships is installed as root, and apt will warn that packages cannot be authenticated if you have not imported the repository's signing key. To add the repository, append the following line to the file /etc/apt/sources.list:

deb http://ppa.launchpad.net/ubuntu-clamav/ubuntu gutsy main

Afterwards, run:

sudo apt-get update

Finally, install the Clamav software using this command:

sudo apt-get install clamav-base clamav clamav-daemon clamav-freshclam


Add clamav user to the Scalix group

For Clamav to be able to cooperate with Scalix, add the Clamav user clamav to the Scalix group scalix. Do this by editing /etc/group with your favorite editor; in this example vi is used, but feel free to use whatever editor you like. Edit the /etc/group file:

sudo vi /etc/group

To add the clamav user to the scalix group, add clamav to the line:

scalix:x:120:

This is what the result should look like:

scalix:x:120:clamav

The group ID (120 in this example) will be different on your system; only the member list at the end of the line matters. If you prefer not to hand-edit /etc/group, sudo adduser clamav scalix makes the same change, and id clamav should afterwards list scalix among the user's groups. The membership exists so that the scanner can read the message files Scalix hands it (the /var/opt/scalix/<instance>/s/data/... paths that show up in the log later on), so do not add other accounts to this group without reason.


Configure Clamav

Create ruleset

To create a ruleset which controls the virus protection of the Scalix server, create a file in the directory /var/opt/scalix/<instance>/s/rules/ called ALL-ROUTES.VIR. This file should contain the following two lines:

VIRUS-UNCLEANED=1 ACTION=REJECT NDN-INFO=ndninfo.txt
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW NOTIFY="A virus was found in your message. It was successfully cleaned and sent to the recipient. However we highly recommend that you install or update your virus protection software and scan your computer for viruses."

The first rule rejects any message in which the scanner found a virus it could not remove and returns the non-delivery notification defined in ndninfo.txt (created next); the second lets a message through once the virus has been cleaned out and sends the NOTIFY text as a warning. Bear in mind that the sender address of infected mail is very often forged, so a rejection notice mostly reaches an innocent third party rather than the real source (backscatter); if that is a concern, keep the notification text short and neutral.

Create non-delivery notification

Next create a non-delivery notification, a text file with the message to be sent if a virus was found and could not be cleaned. This file should be called ndninfo.txt and should be created in the folder /var/opt/scalix/<instance>/s/rules/. This ndninfo.txt file should contain this text:

Text = A virus was detected in your message and could not be cleaned, therefore it was not delivered. We highly recommend that you install or update your virus protection software.

Configure mapper script

Next, you'll have to set up the mapper script. The file omvscan.map is the virus scanning mapper script that links Scalix and the Clamav virus scanning application. So let's copy the example script to our rules folder /var/opt/scalix/<instance>/s/rules/:

sudo cp /opt/scalix/examples/general/omvscan.map /var/opt/scalix/<instance>/s/rules/

Now, change the ownership and the permission of the file /var/opt/scalix/<instance>/s/rules/omvscan.map by invoking these commands:

 sudo chown root:root /var/opt/scalix/<instance>/s/rules/omvscan.map
 sudo chmod 555 /var/opt/scalix/<instance>/s/rules/omvscan.map
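Each of the steps above sets one piece of the Scalix/Clamav link, and a mistake in any of them (clamav not in the group, ruleset missing, mapper script writable) only shows up later as a router error. The script below is an added example, not part of the original how-to and not Scalix code, that checks those pieces before you restart the router. The group file, the rules directory and the uid that must own omvscan.map are passed as arguments so it can also be run against a scratch copy of the tree; the ownership and mode checks use ls -ln, so they work without consulting /etc/passwd.

```shell
#!/bin/sh
# Added example, not from the original page or from Scalix: sanity-check the
# pieces the how-to configures before restarting the Scalix router.
#
# Usage: check_scalix_clamav GROUP_FILE RULES_DIR [OWNER_UID]
#   GROUP_FILE  normally /etc/group
#   RULES_DIR   normally /var/opt/scalix/<instance>/s/rules
#   OWNER_UID   numeric uid that must own omvscan.map (default 0, i.e. root)
# Prints one FAIL line per problem and returns 1; returns 0 when all is well.

# Is USER listed as a supplementary member of GROUP in the given group file?
group_has_member() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# Does the ruleset contain a rule that rejects mail the scanner could not clean?
ruleset_rejects_uncleaned() {
    grep -q 'VIRUS-UNCLEANED=1[[:space:]].*ACTION=REJECT' "$1"
}

check_scalix_clamav() {
    group_file=$1
    rules=$2
    owner=${3:-0}
    rc=0

    if ! group_has_member "$group_file" scalix clamav; then
        echo "FAIL: user clamav is not a member of group scalix in $group_file"
        rc=1
    fi

    vir="$rules/ALL-ROUTES.VIR"
    if [ ! -f "$vir" ]; then
        echo "FAIL: $vir is missing"
        rc=1
    elif ! ruleset_rejects_uncleaned "$vir"; then
        echo "FAIL: $vir has no VIRUS-UNCLEANED=1 ... ACTION=REJECT rule"
        rc=1
    fi

    # The REJECT rule names ndninfo.txt; without it the NDN has no text.
    if [ ! -s "$rules/ndninfo.txt" ]; then
        echo "FAIL: $rules/ndninfo.txt is missing or empty"
        rc=1
    fi

    map="$rules/omvscan.map"
    if [ ! -f "$map" ]; then
        echo "FAIL: $map is missing"
        rc=1
    else
        # Scalix executes this script for every message, so it must belong to
        # the expected owner, be executable, and be writable by nobody (mode
        # 555 as set above). ls -lnL gives numeric uids and follows symlinks.
        set -- $(ls -lnLd "$map")
        mode=$1
        uid=$3
        if [ "$uid" != "$owner" ]; then
            echo "FAIL: $map is owned by uid $uid, expected $owner"
            rc=1
        fi
        case $mode in
            *w*) echo "FAIL: $map is writable ($mode); use chmod 555"; rc=1 ;;
        esac
        if [ ! -x "$map" ]; then
            echo "FAIL: $map is not executable"
            rc=1
        fi
    fi

    return $rc
}

# When run as a script: check_scalix_clamav.sh /etc/group /var/opt/scalix/<instance>/s/rules
if [ "$#" -ge 2 ]; then
    check_scalix_clamav "$@"
fi
```

Run it as root against the live paths after the chmod above; every FAIL line names the step to redo.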


Start Clamav

First let's start the Clamav service and the freshclam (virus database updater), do so using the following commands:

sudo /etc/init.d/clamav-daemon start
sudo /etc/init.d/clamav-freshclam start

If clamav-daemon refuses to start, check first that freshclam has fetched a signature database into /var/lib/clamav: clamd cannot run without one. Keep clamav-freshclam running afterwards, because a scanner with stale signatures only gives a false sense of protection.


Restart Scalix and check the configuration

To check if Scalix and Clamav work together properly, let's turn up the audit logging level for the Scalix services and send a few test mails containing viruses. If everything is all right, reduce the logging level again and enjoy. Let's start:

Turn up the audit logging for service router to 13:

sudo /opt/scalix/bin/omconfaud router 13

Turn up the debug logging for service router to 15:

sudo /opt/scalix/bin/omconflvl router 15

Restart the service router, first stop it:

sudo /opt/scalix/bin/omoff -d 0 rtr

And next start it again:

sudo /opt/scalix/bin/omon rtr

Now check whether the virus scanner works: send yourself a few mail messages containing test files. Safe, harmless test files for Clamav are shipped in the Clamav source tarball, available from the Clamav website (http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.92.tar.gz). After unpacking clamav-0.92.tar.gz you will find them (named clam-v2.rar, clam-v3.rar, clam.cab, clam.exe, clam.exe.bz2 and clam.zip) in the test folder. They carry no malicious code; Clamav's own signature database matches them as ClamAV-Test-File, which is the name you will see in the log below.

If everything works as expected, you should receive a notification that your messages could not be delivered because they contain virus-infected files. You can also see what happened by looking into the /var/opt/scalix/<instance>/s/logs/omvscan.log log file. Do so using:

tail -400 /var/opt/scalix/<instance>/s/logs/omvscan.log

This should show you some lines that look like those below:

2008-02-03 23:21:00:PID=30089:############## start /var/opt/scalix/<instance>/s/tmp/clamav.log.30089
2008-02-03 23:21:00:PID=30089:/var/opt/scalix/<instance>/s/data/000001e/0001uqq: ClamAV-Test-File FOUND
2008-02-03 23:21:00:PID=30089:
2008-02-03 23:21:00:PID=30089:----------- SCAN SUMMARY -----------
2008-02-03 23:21:00:PID=30089:Infected files: 1
2008-02-03 23:21:00:PID=30089:Time: 0.026 sec (0 m 0 s)
2008-02-03 23:21:00:PID=30089:############## end /var/opt/scalix/<instance>/s/tmp/clamav.log.30089
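The omvscan.log excerpt above is the only record of what each scan did, so it pays to be able to read it mechanically: which messages matched a signature, how many infected files the scanner reported, and which scans wrote a start marker but never an end marker (the mapper script died or timed out, and the fate of that message should be checked by hand). The shell functions below are an added example, not code from the page or from Scalix; they parse the line format shown above. The embedded sample log is constructed to mirror the excerpt, using a hypothetical instance name s1 and a second, unfinished scan added for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page or from Scalix: read the
# omvscan.log format ("date time:PID=nnn:message") and report what the
# virus scan found. The sample below is constructed for this example.

# Constructed sample: one finished scan that hit a test signature, and one
# scan (PID 30144) that logged its start marker but never its end marker.
sample_omvscan_log() {
    cat <<'EOF'
2008-02-03 23:21:00:PID=30089:############## start /var/opt/scalix/s1/s/tmp/clamav.log.30089
2008-02-03 23:21:00:PID=30089:/var/opt/scalix/s1/s/data/000001e/0001uqq: ClamAV-Test-File FOUND
2008-02-03 23:21:00:PID=30089:
2008-02-03 23:21:00:PID=30089:----------- SCAN SUMMARY -----------
2008-02-03 23:21:00:PID=30089:Infected files: 1
2008-02-03 23:21:00:PID=30089:Time: 0.026 sec (0 m 0 s)
2008-02-03 23:21:00:PID=30089:############## end /var/opt/scalix/s1/s/tmp/clamav.log.30089
2008-02-03 23:25:12:PID=30144:############## start /var/opt/scalix/s1/s/tmp/clamav.log.30144
2008-02-03 23:25:12:PID=30144:/var/opt/scalix/s1/s/data/000001f/0001uqr: OK
EOF
}

# Print "pid<TAB>path<TAB>signature" for every "<path>: <signature> FOUND" line.
# The PID ties the hit back to the start/end markers of the same scan.
infected_files() {
    awk '
        match($0, /:PID=[0-9]+:/) {
            pid = substr($0, RSTART + 5, RLENGTH - 6)
            msg = substr($0, RSTART + RLENGTH)
            if (msg ~ / FOUND$/) {
                sub(/ FOUND$/, "", msg)          # leaves "<path>: <signature>"
                i = index(msg, ": ")
                printf "%s\t%s\t%s\n", pid, substr(msg, 1, i - 1), substr(msg, i + 2)
            }
        }' "$1"
}

# Sum of the "Infected files: N" summary lines across all scans in the log.
infected_count() {
    awk -F': ' '/:Infected files: [0-9]+$/ { n += $NF } END { print n + 0 }' "$1"
}

# PIDs of scans that logged a start marker but no end marker: the mapper
# script was killed or timed out mid-scan, so check what happened to that
# message rather than assuming it was scanned.
unfinished_scans() {
    awk '
        match($0, /:PID=[0-9]+:#+ (start|end) /) {
            pid = substr($0, RSTART + 5); sub(/:.*/, "", pid)
            if ($0 ~ / start /) started[pid] = 1; else delete started[pid]
        }
        END { for (p in started) print p }' "$1"
}

# Demonstration on the constructed sample; on a server use the real log path
# /var/opt/scalix/<instance>/s/logs/omvscan.log instead.
log=$(mktemp)
sample_omvscan_log > "$log"
infected_files "$log"                       # 30089  .../0001uqq  ClamAV-Test-File
echo "infected files: $(infected_count "$log")"   # infected files: 1
unfinished_scans "$log"                     # 30144
rm -f "$log"
```

Run infected_files over the real log after sending the test files; a hit on every test file plus an empty unfinished_scans list is the result you want before turning the log levels back down.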

Once you're sure that Clamav is working properly together with Scalix, you can reduce the log levels again.

Turn back the audit logging for service router to 7:

sudo /opt/scalix/bin/omconfaud router 7

Turn back the debug logging for service router to 7:

sudo /opt/scalix/bin/omconflvl router 7

Restart the service router, first stop it:

sudo /opt/scalix/bin/omoff -d 0 rtr

And next start it again:

sudo /opt/scalix/bin/omon rtr

If there's something wrong, have a look at the log files and look for the exact error message and fix the problem. If everything is all right, then you're done: congratulations!


Sources

  • http://www.scalix.com/forums/viewtopic.php?t=9766&highlight=allroutes+vir
  • http://wiki.clamav.net/Main/TestingClamAV
  • http://www.scalix.com/documents/Scalix_Setup_Guide_11.0.2.pdf
  • http://www.scalix.com/forums/viewtopic.php?p=7824&sid=ce90e8a99ca29074e853d9ffb3261719

The author

The original version of this document was written by Max Wiertz. As a Scalix newbie, I invested a lot of work in getting Scalix together with Clamav to work for me on Ubuntu. I felt like sharing this with all of you, so you can probably take advantage of it.

If you have any questions, remarks, comments or suggestions regarding this document, do not hesitate to contact me by e-mail: mailto:max_DOT_wiertz_AT_gmail_DOT_com.